New York SHIELD Act Compliance Service | Expert Privacy Lawyers

The New York SHIELD Act came into effect on March 21, 2020. The NY SHIELD Act contains new compliance obligations for many organizations around the world that do business with New York residents. Businesses subject to the NY SHIELD Act are required to develop, implement, and maintain specific safeguards to protect the confidentiality, integrity, and availability of New York consumers’ private information.

VeraSafe’s NY SHIELD Act compliance program connects your team with our experienced privacy attorneys, information security experts, and project managers, to ensure that your organization is fully compliant with New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”).

VeraSafe’s NY SHIELD Act Compliance Program Includes:

Mapping of NY SHIELD Act Regulated Data Stores & Data Flows

VeraSafe will guide you through a discovery exercise to develop a comprehensive inventory of the personal information that your business holds and processes. This record of data processing will be a foundational element of your SHIELD Act compliance project.

Policy and Procedure Review

VeraSafe will review and revise your organization’s data security and data protection policies and procedures. These should include, among others:

A High Level Data Security Policy.
A BYOD Policy.
A Data Breach Policy and Incident Response Plan.
A Business Continuity and Disaster Recovery Plan.
Employee Confidentiality Agreements.

We will assess the procedures your organization currently has in place, identify gaps in your procedures, and implement measures that will close your organization’s current gaps (including drafting any missing policies and procedures). We have a wide range of policies and standard operating procedure templates which can be customized for the unique needs of your organization, and to ensure that you fulfil the administrative, technical, and physical security requirements set out in the NY SHIELD Act.

Vendor Risk Management

Under the SHIELD Act your organization’s service providers must also be able to maintain appropriate safeguards for the regulated information your organization entrusts them with. Your organization must pass down this statutory data protection obligation to your service providers, by way of a contract with each such service provider.

VeraSafe has a sophisticated vendor management methodology, including extensive experience in negotiating data processing agreements with our clients’ service providers. VeraSafe can efficiently renegotiate contractual terms on your behalf to ensure that your vendors provide their services in compliance with the SHIELD Act. VeraSafe routinely conducts security and compliance due diligence on our clients’ vendors, which relieves our clients of this considerable operational burden.

Incident and Data Breach Response Planning

Based on our template, VeraSafe’s experts will help you tailor a rapid response plan for any potential compliance incident under the scope of the NY SHIELD Act, such as a data breach.

IT Vulnerability Assessment and Penetration Testing

To fulfil the requirements of the SHIELD Act concerning technical safeguards, your organization should conduct a formal information security risk assessment on an annual basis. Our experts can conduct a complete information security risk assessment on your behalf, in compliance with the NY SHIELD Act.

VeraSafe can advise your organization in an impartial way concerning new technical, procedural, and — if applicable — physical security controls to mitigate unresolved information security risks identified in the risk assessment.

Privacy Training

VeraSafe provides an on-demand web-based privacy and data security training solution, which can be rolled out across your entire organization. Each training module includes a quiz to document compliance and comprehension. The training can be easily deployed as SCORM modules in your learning management system, or in VeraSafe’s cloud-based LMS.